Google, McAfee Research Cyber Attacks, Security Looks at Malware

Google and McAfee, together with groups like the Electronic Frontier Foundation, conduct ongoing research on cyber attacks, while their security analysts give special attention to malware. Given the recognition that 80 percent of US media outlets have been penetrated through directed attacks, security specialists raise crucial issues. Jim Aldridge of Mandiant, a consultant based in Washington, D.C., helps global organizations respond to complex security incidents. At issue are “targeted intrusions by state-sponsored threat actors.” On the preventive side, he studies penetration testing, network architecture, security strategy, and incident remediation.

Transparency, at whatever level of insight a person can have into what the NSA does, extends to Google’s delicate handling of FISA requests. Recent revelations about the NSA surveillance of the Chinese telecom company Huawei suggest the routine quality of clandestine surveillance. Considering the differences between NSA and Chinese monitoring of communications, one notes a key distinction between surveillance for sovereign political needs and industrial espionage with collusion between industry and government.

A recently described listening post, the People’s Liberation Army facility of Unit 61398 in Shanghai, gives some spatial context. The NSA has been watching the watchers and tracking telecom giant Huawei and some 20 hacking groups, designated as army and navy units. Their tracks are visible in break-ins to US government networks, to companies including Google, and to sensitive military suppliers.

Huawei has long been deemed a security threat, and is banned from doing business with the US because of the risk of the “back doors” its equipment might leave open. Huawei has become the exclusive supplier of cell phones to Thailand. Since 2000 another Chinese telecom giant, ZTE, has created a telecom infrastructure adapted to the needs of the Ethiopian government and its repressive policies. ZTE supplied all telecom equipment to Ethiopia from 2006 to 2009. Human Rights Watch criticized human rights abuses related to unlawful mobile surveillance in Ethiopia.

Cyber attacks create a significant market for expertise and for the purchase and modification of commercial software. Inside Google and the NSA, security experts conduct counter-surveillance, watching in real time the behavior of malware and directed attacks. Google and McAfee security teams convey some details of their research into cyber attacks against their users and particularly note the sophistication of malware that is very hard to detect. Google communicates to the NSA instances of its customers being the focus of attacks from government hackers.

McAfee research observed the vulnerability of mobile devices that download apps, which may collect more data than similar apps or collect it differently. “Overcollecting” may be linked to the transfer of batches of data and personal identifiers that can be bought and traded. Glenn Wilkinson of Sensepoint has described the karma attack, where a “rogue operator” mimics a previously joined network that a user then joins, thinking it is safe.

Software sold by Hacking Team supplies “lawful intercept technology” able to get past encryption and take control of computers remotely. The firm is honest: “It is spyware. It is a trojan horse. It is a bug. It is a monitoring tool.” Gamma International, a UK-German company, supplies FinFisher software marketed to law enforcement, which gives security and intelligence officials a window into files, content and activity on a breached computer. Their malware logs keystrokes and passwords and can control the webcam and microphone, transforming the computer into a surveillance instrument.

EU regulations and other standards classify products like those supplied by Hacking Team and Gamma International as “dual use,” given law enforcement agencies’ legitimate need to intercept the communications of those suspected of breaking the law. Reports suggest that rather than suspected criminals, the objects of surveillance have been political dissidents. Gamma International products were used by Hosni Mubarak’s regime in Egypt. In 2013 Reporters Without Borders grouped Gamma International with four other “Corporate Enemies of the Internet” who are “digital era mercenaries.”

Sensepoint has recently introduced Snoopy, a helicopter surveillance drone that can capture information from cell phones including e-mail passwords, Facebook account information, and even banking details. Wilkinson described a Snoopy scenario: security officials could fly their drone over a protest and create an elaborate social network map of the protesters from all of that collected data. With “dual use” technology available and apparently distanced from ethical reflection, Google and McAfee conduct real-time research, examine threats of cyber attack, security breach and malware proliferation, and look to the next round of attacks.